
Android users, delete this ‘dangerous’ crypto app from your Android phones

A cybersecurity company detected a malicious app on the Google Play Store designed to steal cryptocurrency. What makes this app so dangerous is that it evaded detection for over 5 months before being removed from the store. It was first uploaded to Google Play in March 2024.
According to a report by Check Point Research, a crypto drainer app named WalletConnect – Airdrop Wallet exclusively targeted Android mobile device users and used modern evasion techniques, posing as a legitimate tool for Web3 applications to avoid detection.

How did this app avoid detection?

Notably, this fake app trades on the legitimacy of the WalletConnect protocol, which connects crypto wallets to decentralized applications. The report stated that hackers were able to steal around $70,000 (approximately 58.6 lakh) in cryptocurrency from victims in 5 months.
Moreover, fake positive reviews and the use of the most modern crypto-draining toolkit helped the app reach more than 10,000 downloads by manipulating its search rankings.

Techniques hackers use to steal data

Connecting to WalletConnect is often difficult for a variety of reasons. One is that not all wallets support WalletConnect. Another is that users do not always have the latest version. Hackers have reportedly taken advantage of these difficulties and tricked users into believing that the fake app provides an easy solution.
After users downloaded and launched the malicious WalletConnect app, they were prompted to connect their wallets. Hackers then used phishing websites and apps that impersonate legitimate cryptocurrency platforms to convince users to authorize an illegal transaction from their crypto wallets. This allowed the drainer app to transfer digital assets to the hackers.
Approximately 20 users whose funds were stolen left negative reviews on Google Play, but the malware developers quickly flooded the page with fake positive reviews to bury the negative ones and make the app appear legitimate, misleading other potential victims.